Please excuse me if this is an off list topic. I think this may be specific to OpenLDAP so I'm trying here.
I'm running OpenLDAP 2.4.7 w/ BerkeleyDB 4.6.21 on Solaris-10.
I'm running OpenLDAP as a fairly standard NIS replacement. In particular I have a DIT ou=group,dc=nyc,dc=deshaw,dc=com made of objects of class posixGroup (from the supplied nis.schema file). Solaris want to get a getgrmember() (undocumented subroutine call) which does a ldap search like the first one following.
This search returns nentries=0 ldapsearch -x -LLL -h 127.0.0.1 -b 'ou=group,dc=nyc,dc=deshaw,dc=com' '(&(objectClass=posixGroup)(memberUid=marantz))'
conn=2354 op=1 SRCH base="ou=group,dc=nyc,dc=deshaw,dc=com" scope=2 deref=0 filter="(&(objectClass=posixGroup)(memberUid=marantz))" conn=2354 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
But this search shows at least one object that I think should match ldapsearch -x -LLL -h 127.0.0.1 -b 'ou=group,dc=nyc,dc=deshaw,dc=com' '(&(objectClass=posixGroup)(cn=www))' dn: cn=www,ou=Group,dc=nyc,dc=deshaw,dc=com objectClass: posixGroup objectClass: top cn: www userPassword:: XXXXXXXXXXXX gidNumber: XXXX memberUid: XXXXXX memberUid: marantz memberUid: XXXXXX memberUid: XXXX memberUid: XXXXXX memberUid: XXXXXX memberUid: XXX memberUid: XXXXXXXX
conn=3087 op=1 SRCH base="ou=group,dc=nyc,dc=deshaw,dc=com" scope=2 deref=0 filter="(&(objectClass=posixGroup)(cn=www))" conn=3087 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
The only difference I can find is the Equality Matching value for the 2 attributes. I notice that cn has a Equality Matching value of caseIgnoreMatch vs. caseExactA5Match for memberUid. (at least according to http://ldap.akbkhome.com/index.php/objectclass/posixGroup.html) I don't see how, but could that be involved in my problem?
Any help would be greatly appreciated. Thanks. Roy